ESET researchers discovered a previously unknown family of trojan malware that spreads through malicious torrents and uses multiple methods to extract as much cryptocurrency as possible from its victims while remaining undetected.
ESET has named the threat KryptoCibule and, according to its telemetry, the malware appears to target mainly users in the Czech Republic and Slovakia.
This particular malware is a triple threat to cryptocurrencies. It uses the victim's resources to mine coins, attempts to hijack transactions by replacing wallet addresses in the clipboard, and exfiltrates cryptocurrency-related files, all while deploying multiple techniques to remain undetected. KryptoCibule makes extensive use of the Tor network and the BitTorrent protocol in its communication infrastructure.
ESET has identified several versions of KryptoCibule, allowing us to study its evolution from December 2018 until today. The malware remains active; new features have been added during its lifetime, and it is constantly evolving.
Most of the victims are located in the Czech Republic and Slovakia, which reflects the user base of the site where the infected torrents are located. Almost all the malicious torrents were available on uloz.to, a popular file-sharing website in the two countries. Additionally, KryptoCibule checks specifically for the presence of ESET, Avast and AVG security products. ESET is based in Slovakia, while the other two are owned by Avast, which is based in the Czech Republic.
For more technical details about KryptoCibule, read the blog post “KryptoCibule: The multitasking multicurrency cryptostealer” at WeLiveSecurity.